On a daily basis, we intercept hundreds of thousands of fraudulent or malicious emails whose purpose is either to infect users with malicious software or to turn them into victims of fraudulent schemes. About 99% of these campaigns rely on social engineering tactics, and in the cases where they don’t include direct links to the actual malware, they direct users to the market-leading Black Hole Exploit Kit.

In terms of volume and persistence, throughout January 2013, a single malicious campaign impersonating FedEx topped our metrics data. What’s so special about this campaign? The digital fingerprint of one of the most recently introduced malware variants used in the campaign corresponds to the digital fingerprint of a malware-serving campaign that we’ve already profiled, indicating that they’ve been launched by the same cybercriminal/gang of cybercriminals.

More details:

Sample screenshot of the spamvertised email:

Sample spamvertised compromised URLs part of the campaign: